]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blob - drivers/nfc/pn533.c
projects / mirror_ubuntu-zesty-kernel.git / blob
? search:


1016e09620686361b82289c09ccf5c40f97b8d63
[mirror_ubuntu-zesty-kernel.git] / drivers / nfc / pn533.c
1 /*
2 * Copyright (C) 2011 Instituto Nokia de Tecnologia
3 *
4 * Authors:
5 * Lauro Ramos Venancio <lauro.venancio@openbossa.org>
6 * Aloisio Almeida Jr <aloisio.almeida@openbossa.org>
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the
20 * Free Software Foundation, Inc.,
21 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
22 */
23
24 #include <linux/device.h>
25 #include <linux/kernel.h>
26 #include <linux/module.h>
27 #include <linux/slab.h>
28 #include <linux/usb.h>
29 #include <linux/nfc.h>
30 #include <linux/netdevice.h>
31 #include <net/nfc/nfc.h>
32
33 #define VERSION "0.1"
34
35 #define PN533_VENDOR_ID 0x4CC
36 #define PN533_PRODUCT_ID 0x2533
37
38 #define SCM_VENDOR_ID 0x4E6
39 #define SCL3711_PRODUCT_ID 0x5591
40
41 #define SONY_VENDOR_ID 0x054c
42 #define PASORI_PRODUCT_ID 0x02e1
43
44 #define PN533_DEVICE_STD 0x1
45 #define PN533_DEVICE_PASORI 0x2
46
47 #define PN533_ALL_PROTOCOLS (NFC_PROTO_JEWEL_MASK | NFC_PROTO_MIFARE_MASK |\
48 NFC_PROTO_FELICA_MASK | NFC_PROTO_ISO14443_MASK |\
49 NFC_PROTO_NFC_DEP_MASK |\
50 NFC_PROTO_ISO14443_B_MASK)
51
52 #define PN533_NO_TYPE_B_PROTOCOLS (NFC_PROTO_JEWEL_MASK | \
53 NFC_PROTO_MIFARE_MASK | \
54 NFC_PROTO_FELICA_MASK | \
55 NFC_PROTO_ISO14443_MASK | \
56 NFC_PROTO_NFC_DEP_MASK)
57
58 static const struct usb_device_id pn533_table[] = {
59 { .match_flags = USB_DEVICE_ID_MATCH_DEVICE,
60 .idVendor = PN533_VENDOR_ID,
61 .idProduct = PN533_PRODUCT_ID,
62 .driver_info = PN533_DEVICE_STD,
63 },
64 { .match_flags = USB_DEVICE_ID_MATCH_DEVICE,
65 .idVendor = SCM_VENDOR_ID,
66 .idProduct = SCL3711_PRODUCT_ID,
67 .driver_info = PN533_DEVICE_STD,
68 },
69 { .match_flags = USB_DEVICE_ID_MATCH_DEVICE,
70 .idVendor = SONY_VENDOR_ID,
71 .idProduct = PASORI_PRODUCT_ID,
72 .driver_info = PN533_DEVICE_PASORI,
73 },
74 { }
75 };
76 MODULE_DEVICE_TABLE(usb, pn533_table);
77
78 /* How much time we spend listening for initiators */
79 #define PN533_LISTEN_TIME 2
80
81 /* frame definitions */
82 #define PN533_NORMAL_FRAME_MAX_LEN 262 /* 6 (PREAMBLE, SOF, LEN, LCS, TFI)
83 254 (DATA)
84 2 (DCS, postamble) */
85 #define PN533_FRAME_HEADER_LEN (sizeof(struct pn533_frame) \
86 + 2) /* data[0] TFI, data[1] CC */
87 #define PN533_FRAME_TAIL_LEN 2 /* data[len] DCS, data[len + 1] postamble*/
88
89 /*
90 * Max extended frame payload len, excluding TFI and CC
91 * which are already in PN533_FRAME_HEADER_LEN.
92 */
93 #define PN533_FRAME_MAX_PAYLOAD_LEN 263
94
95 #define PN533_FRAME_SIZE(f) (sizeof(struct pn533_frame) + f->datalen + \
96 PN533_FRAME_TAIL_LEN)
97 #define PN533_FRAME_ACK_SIZE (sizeof(struct pn533_frame) + 1)
98 #define PN533_FRAME_CHECKSUM(f) (f->data[f->datalen])
99 #define PN533_FRAME_POSTAMBLE(f) (f->data[f->datalen + 1])
100
101 /* start of frame */
102 #define PN533_SOF 0x00FF
103
104 /* frame identifier: in/out/error */
105 #define PN533_FRAME_IDENTIFIER(f) (f->data[0])
106 #define PN533_DIR_OUT 0xD4
107 #define PN533_DIR_IN 0xD5
108
109 /* PN533 Commands */
110 #define PN533_FRAME_CMD(f) (f->data[1])
111 #define PN533_FRAME_CMD_PARAMS_PTR(f) (&f->data[2])
112 #define PN533_FRAME_CMD_PARAMS_LEN(f) (f->datalen - 2)
113
114 #define PN533_CMD_GET_FIRMWARE_VERSION 0x02
115 #define PN533_CMD_RF_CONFIGURATION 0x32
116 #define PN533_CMD_IN_DATA_EXCHANGE 0x40
117 #define PN533_CMD_IN_COMM_THRU 0x42
118 #define PN533_CMD_IN_LIST_PASSIVE_TARGET 0x4A
119 #define PN533_CMD_IN_ATR 0x50
120 #define PN533_CMD_IN_RELEASE 0x52
121 #define PN533_CMD_IN_JUMP_FOR_DEP 0x56
122
123 #define PN533_CMD_TG_INIT_AS_TARGET 0x8c
124 #define PN533_CMD_TG_GET_DATA 0x86
125 #define PN533_CMD_TG_SET_DATA 0x8e
126 #define PN533_CMD_UNDEF 0xff
127
128 #define PN533_CMD_RESPONSE(cmd) (cmd + 1)
129
130 /* PN533 Return codes */
131 #define PN533_CMD_RET_MASK 0x3F
132 #define PN533_CMD_MI_MASK 0x40
133 #define PN533_CMD_RET_SUCCESS 0x00
134
135 struct pn533;
136
137 typedef int (*pn533_cmd_complete_t) (struct pn533 *dev, void *arg,
138 u8 *params, int params_len);
139
140 typedef int (*pn533_send_async_complete_t) (struct pn533 *dev, void *arg,
141 struct sk_buff *resp);
142
143 /* structs for pn533 commands */
144
145 /* PN533_CMD_GET_FIRMWARE_VERSION */
146 struct pn533_fw_version {
147 u8 ic;
148 u8 ver;
149 u8 rev;
150 u8 support;
151 };
152
153 /* PN533_CMD_RF_CONFIGURATION */
154 #define PN533_CFGITEM_TIMING 0x02
155 #define PN533_CFGITEM_MAX_RETRIES 0x05
156 #define PN533_CFGITEM_PASORI 0x82
157
158 #define PN533_CONFIG_TIMING_102 0xb
159 #define PN533_CONFIG_TIMING_204 0xc
160 #define PN533_CONFIG_TIMING_409 0xd
161 #define PN533_CONFIG_TIMING_819 0xe
162
163 #define PN533_CONFIG_MAX_RETRIES_NO_RETRY 0x00
164 #define PN533_CONFIG_MAX_RETRIES_ENDLESS 0xFF
165
166 struct pn533_config_max_retries {
167 u8 mx_rty_atr;
168 u8 mx_rty_psl;
169 u8 mx_rty_passive_act;
170 } __packed;
171
172 struct pn533_config_timing {
173 u8 rfu;
174 u8 atr_res_timeout;
175 u8 dep_timeout;
176 } __packed;
177
178 /* PN533_CMD_IN_LIST_PASSIVE_TARGET */
179
180 /* felica commands opcode */
181 #define PN533_FELICA_OPC_SENSF_REQ 0
182 #define PN533_FELICA_OPC_SENSF_RES 1
183 /* felica SENSF_REQ parameters */
184 #define PN533_FELICA_SENSF_SC_ALL 0xFFFF
185 #define PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE 0
186 #define PN533_FELICA_SENSF_RC_SYSTEM_CODE 1
187 #define PN533_FELICA_SENSF_RC_ADVANCED_PROTOCOL 2
188
189 /* type B initiator_data values */
190 #define PN533_TYPE_B_AFI_ALL_FAMILIES 0
191 #define PN533_TYPE_B_POLL_METHOD_TIMESLOT 0
192 #define PN533_TYPE_B_POLL_METHOD_PROBABILISTIC 1
193
194 union pn533_cmd_poll_initdata {
195 struct {
196 u8 afi;
197 u8 polling_method;
198 } __packed type_b;
199 struct {
200 u8 opcode;
201 __be16 sc;
202 u8 rc;
203 u8 tsn;
204 } __packed felica;
205 };
206
207 /* Poll modulations */
208 enum {
209 PN533_POLL_MOD_106KBPS_A,
210 PN533_POLL_MOD_212KBPS_FELICA,
211 PN533_POLL_MOD_424KBPS_FELICA,
212 PN533_POLL_MOD_106KBPS_JEWEL,
213 PN533_POLL_MOD_847KBPS_B,
214 PN533_LISTEN_MOD,
215
216 __PN533_POLL_MOD_AFTER_LAST,
217 };
218 #define PN533_POLL_MOD_MAX (__PN533_POLL_MOD_AFTER_LAST - 1)
219
220 struct pn533_poll_modulations {
221 struct {
222 u8 maxtg;
223 u8 brty;
224 union pn533_cmd_poll_initdata initiator_data;
225 } __packed data;
226 u8 len;
227 };
228
229 const struct pn533_poll_modulations poll_mod[] = {
230 [PN533_POLL_MOD_106KBPS_A] = {
231 .data = {
232 .maxtg = 1,
233 .brty = 0,
234 },
235 .len = 2,
236 },
237 [PN533_POLL_MOD_212KBPS_FELICA] = {
238 .data = {
239 .maxtg = 1,
240 .brty = 1,
241 .initiator_data.felica = {
242 .opcode = PN533_FELICA_OPC_SENSF_REQ,
243 .sc = PN533_FELICA_SENSF_SC_ALL,
244 .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
245 .tsn = 0,
246 },
247 },
248 .len = 7,
249 },
250 [PN533_POLL_MOD_424KBPS_FELICA] = {
251 .data = {
252 .maxtg = 1,
253 .brty = 2,
254 .initiator_data.felica = {
255 .opcode = PN533_FELICA_OPC_SENSF_REQ,
256 .sc = PN533_FELICA_SENSF_SC_ALL,
257 .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
258 .tsn = 0,
259 },
260 },
261 .len = 7,
262 },
263 [PN533_POLL_MOD_106KBPS_JEWEL] = {
264 .data = {
265 .maxtg = 1,
266 .brty = 4,
267 },
268 .len = 2,
269 },
270 [PN533_POLL_MOD_847KBPS_B] = {
271 .data = {
272 .maxtg = 1,
273 .brty = 8,
274 .initiator_data.type_b = {
275 .afi = PN533_TYPE_B_AFI_ALL_FAMILIES,
276 .polling_method =
277 PN533_TYPE_B_POLL_METHOD_TIMESLOT,
278 },
279 },
280 .len = 3,
281 },
282 [PN533_LISTEN_MOD] = {
283 .len = 0,
284 },
285 };
286
287 /* PN533_CMD_IN_ATR */
288
289 struct pn533_cmd_activate_response {
290 u8 status;
291 u8 nfcid3t[10];
292 u8 didt;
293 u8 bst;
294 u8 brt;
295 u8 to;
296 u8 ppt;
297 /* optional */
298 u8 gt[];
299 } __packed;
300
301 struct pn533_cmd_jump_dep_response {
302 u8 status;
303 u8 tg;
304 u8 nfcid3t[10];
305 u8 didt;
306 u8 bst;
307 u8 brt;
308 u8 to;
309 u8 ppt;
310 /* optional */
311 u8 gt[];
312 } __packed;
313
314
315 /* PN533_TG_INIT_AS_TARGET */
316 #define PN533_INIT_TARGET_PASSIVE 0x1
317 #define PN533_INIT_TARGET_DEP 0x2
318
319 #define PN533_INIT_TARGET_RESP_FRAME_MASK 0x3
320 #define PN533_INIT_TARGET_RESP_ACTIVE 0x1
321 #define PN533_INIT_TARGET_RESP_DEP 0x4
322
323 struct pn533 {
324 struct usb_device *udev;
325 struct usb_interface *interface;
326 struct nfc_dev *nfc_dev;
327
328 struct urb *out_urb;
329 struct pn533_frame *out_frame;
330
331 struct urb *in_urb;
332 struct pn533_frame *in_frame;
333
334 struct sk_buff_head resp_q;
335
336 struct workqueue_struct *wq;
337 struct work_struct cmd_work;
338 struct work_struct cmd_complete_work;
339 struct work_struct poll_work;
340 struct work_struct mi_work;
341 struct work_struct tg_work;
342 struct timer_list listen_timer;
343 struct pn533_frame *wq_in_frame;
344 int wq_in_error;
345 int cancel_listen;
346
347 pn533_cmd_complete_t cmd_complete;
348 void *cmd_complete_arg;
349 void *cmd_complete_mi_arg;
350 struct mutex cmd_lock;
351 u8 cmd;
352
353 struct pn533_poll_modulations *poll_mod_active[PN533_POLL_MOD_MAX + 1];
354 u8 poll_mod_count;
355 u8 poll_mod_curr;
356 u32 poll_protocols;
357 u32 listen_protocols;
358
359 u8 *gb;
360 size_t gb_len;
361
362 u8 tgt_available_prots;
363 u8 tgt_active_prot;
364 u8 tgt_mode;
365
366 u32 device_type;
367
368 struct list_head cmd_queue;
369 u8 cmd_pending;
370 };
371
372 struct pn533_cmd {
373 struct list_head queue;
374 struct pn533_frame *out_frame;
375 struct pn533_frame *in_frame;
376 int in_frame_len;
377 u8 cmd_code;
378 struct sk_buff *req;
379 struct sk_buff *resp;
380 pn533_cmd_complete_t cmd_complete;
381 void *arg;
382 };
383
384 struct pn533_frame {
385 u8 preamble;
386 __be16 start_frame;
387 u8 datalen;
388 u8 datalen_checksum;
389 u8 data[];
390 } __packed;
391
392 /* The rule: value + checksum = 0 */
393 static inline u8 pn533_checksum(u8 value)
394 {
395 return ~value + 1;
396 }
397
398 /* The rule: sum(data elements) + checksum = 0 */
399 static u8 pn533_data_checksum(u8 *data, int datalen)
400 {
401 u8 sum = 0;
402 int i;
403
404 for (i = 0; i < datalen; i++)
405 sum += data[i];
406
407 return pn533_checksum(sum);
408 }
409
410 /**
411 * pn533_tx_frame_ack - create a ack frame
412 * @frame: The frame to be set as ack
413 *
414 * Ack is different type of standard frame. As a standard frame, it has
415 * preamble and start_frame. However the checksum of this frame must fail,
416 * i.e. datalen + datalen_checksum must NOT be zero. When the checksum test
417 * fails and datalen = 0 and datalen_checksum = 0xFF, the frame is a ack.
418 * After datalen_checksum field, the postamble is placed.
419 */
420 static void pn533_tx_frame_ack(struct pn533_frame *frame)
421 {
422 frame->preamble = 0;
423 frame->start_frame = cpu_to_be16(PN533_SOF);
424 frame->datalen = 0;
425 frame->datalen_checksum = 0xFF;
426 /* data[0] is used as postamble */
427 frame->data[0] = 0;
428 }
429
430 static void pn533_tx_frame_init(struct pn533_frame *frame, u8 cmd)
431 {
432 frame->preamble = 0;
433 frame->start_frame = cpu_to_be16(PN533_SOF);
434 PN533_FRAME_IDENTIFIER(frame) = PN533_DIR_OUT;
435 PN533_FRAME_CMD(frame) = cmd;
436 frame->datalen = 2;
437 }
438
439 static void pn533_tx_frame_finish(struct pn533_frame *frame)
440 {
441 frame->datalen_checksum = pn533_checksum(frame->datalen);
442
443 PN533_FRAME_CHECKSUM(frame) =
444 pn533_data_checksum(frame->data, frame->datalen);
445
446 PN533_FRAME_POSTAMBLE(frame) = 0;
447 }
448
449 static bool pn533_rx_frame_is_valid(struct pn533_frame *frame)
450 {
451 u8 checksum;
452
453 if (frame->start_frame != cpu_to_be16(PN533_SOF))
454 return false;
455
456 checksum = pn533_checksum(frame->datalen);
457 if (checksum != frame->datalen_checksum)
458 return false;
459
460 checksum = pn533_data_checksum(frame->data, frame->datalen);
461 if (checksum != PN533_FRAME_CHECKSUM(frame))
462 return false;
463
464 return true;
465 }
466
467 static bool pn533_rx_frame_is_ack(struct pn533_frame *frame)
468 {
469 if (frame->start_frame != cpu_to_be16(PN533_SOF))
470 return false;
471
472 if (frame->datalen != 0 || frame->datalen_checksum != 0xFF)
473 return false;
474
475 return true;
476 }
477
478 static bool pn533_rx_frame_is_cmd_response(struct pn533_frame *frame, u8 cmd)
479 {
480 return (PN533_FRAME_CMD(frame) == PN533_CMD_RESPONSE(cmd));
481 }
482
483
484 static void pn533_wq_cmd_complete(struct work_struct *work)
485 {
486 struct pn533 *dev = container_of(work, struct pn533, cmd_complete_work);
487 struct pn533_frame *in_frame;
488 int rc;
489
490 in_frame = dev->wq_in_frame;
491
492 if (dev->wq_in_error)
493 rc = dev->cmd_complete(dev, dev->cmd_complete_arg, NULL,
494 dev->wq_in_error);
495 else
496 rc = dev->cmd_complete(dev, dev->cmd_complete_arg,
497 PN533_FRAME_CMD_PARAMS_PTR(in_frame),
498 PN533_FRAME_CMD_PARAMS_LEN(in_frame));
499
500 if (rc != -EINPROGRESS)
501 queue_work(dev->wq, &dev->cmd_work);
502 }
503
504 static void pn533_recv_response(struct urb *urb)
505 {
506 struct pn533 *dev = urb->context;
507 struct pn533_frame *in_frame;
508
509 dev->wq_in_frame = NULL;
510
511 switch (urb->status) {
512 case 0:
513 /* success */
514 break;
515 case -ECONNRESET:
516 case -ENOENT:
517 case -ESHUTDOWN:
518 nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
519 " status: %d", urb->status);
520 dev->wq_in_error = urb->status;
521 goto sched_wq;
522 default:
523 nfc_dev_err(&dev->interface->dev, "Nonzero urb status received:"
524 " %d", urb->status);
525 dev->wq_in_error = urb->status;
526 goto sched_wq;
527 }
528
529 in_frame = dev->in_urb->transfer_buffer;
530
531 print_hex_dump(KERN_DEBUG, "PN533 RX: ", DUMP_PREFIX_NONE, 16, 1,
532 in_frame, PN533_FRAME_SIZE(in_frame), false);
533
534 if (!pn533_rx_frame_is_valid(in_frame)) {
535 nfc_dev_err(&dev->interface->dev, "Received an invalid frame");
536 dev->wq_in_error = -EIO;
537 goto sched_wq;
538 }
539
540 if (!pn533_rx_frame_is_cmd_response(in_frame, dev->cmd)) {
541 nfc_dev_err(&dev->interface->dev, "The received frame is not "
542 "response to the last command");
543 dev->wq_in_error = -EIO;
544 goto sched_wq;
545 }
546
547 nfc_dev_dbg(&dev->interface->dev, "Received a valid frame");
548 dev->wq_in_error = 0;
549 dev->wq_in_frame = in_frame;
550
551 sched_wq:
552 queue_work(dev->wq, &dev->cmd_complete_work);
553 }
554
555 static int pn533_submit_urb_for_response(struct pn533 *dev, gfp_t flags)
556 {
557 dev->in_urb->complete = pn533_recv_response;
558
559 return usb_submit_urb(dev->in_urb, flags);
560 }
561
562 static void pn533_recv_ack(struct urb *urb)
563 {
564 struct pn533 *dev = urb->context;
565 struct pn533_frame *in_frame;
566 int rc;
567
568 switch (urb->status) {
569 case 0:
570 /* success */
571 break;
572 case -ECONNRESET:
573 case -ENOENT:
574 case -ESHUTDOWN:
575 nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
576 " status: %d", urb->status);
577 dev->wq_in_error = urb->status;
578 goto sched_wq;
579 default:
580 nfc_dev_err(&dev->interface->dev, "Nonzero urb status received:"
581 " %d", urb->status);
582 dev->wq_in_error = urb->status;
583 goto sched_wq;
584 }
585
586 in_frame = dev->in_urb->transfer_buffer;
587
588 if (!pn533_rx_frame_is_ack(in_frame)) {
589 nfc_dev_err(&dev->interface->dev, "Received an invalid ack");
590 dev->wq_in_error = -EIO;
591 goto sched_wq;
592 }
593
594 nfc_dev_dbg(&dev->interface->dev, "Received a valid ack");
595
596 rc = pn533_submit_urb_for_response(dev, GFP_ATOMIC);
597 if (rc) {
598 nfc_dev_err(&dev->interface->dev, "usb_submit_urb failed with"
599 " result %d", rc);
600 dev->wq_in_error = rc;
601 goto sched_wq;
602 }
603
604 return;
605
606 sched_wq:
607 dev->wq_in_frame = NULL;
608 queue_work(dev->wq, &dev->cmd_complete_work);
609 }
610
611 static int pn533_submit_urb_for_ack(struct pn533 *dev, gfp_t flags)
612 {
613 dev->in_urb->complete = pn533_recv_ack;
614
615 return usb_submit_urb(dev->in_urb, flags);
616 }
617
618 static int pn533_send_ack(struct pn533 *dev, gfp_t flags)
619 {
620 int rc;
621
622 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
623
624 pn533_tx_frame_ack(dev->out_frame);
625
626 dev->out_urb->transfer_buffer = dev->out_frame;
627 dev->out_urb->transfer_buffer_length = PN533_FRAME_ACK_SIZE;
628 rc = usb_submit_urb(dev->out_urb, flags);
629
630 return rc;
631 }
632
633 static int __pn533_send_cmd_frame_async(struct pn533 *dev,
634 struct pn533_frame *out_frame,
635 struct pn533_frame *in_frame,
636 int in_frame_len,
637 pn533_cmd_complete_t cmd_complete,
638 void *arg)
639 {
640 int rc;
641
642 nfc_dev_dbg(&dev->interface->dev, "Sending command 0x%x",
643 PN533_FRAME_CMD(out_frame));
644
645 dev->cmd = PN533_FRAME_CMD(out_frame);
646 dev->cmd_complete = cmd_complete;
647 dev->cmd_complete_arg = arg;
648
649 dev->out_urb->transfer_buffer = out_frame;
650 dev->out_urb->transfer_buffer_length =
651 PN533_FRAME_SIZE(out_frame);
652
653 dev->in_urb->transfer_buffer = in_frame;
654 dev->in_urb->transfer_buffer_length = in_frame_len;
655
656 print_hex_dump(KERN_DEBUG, "PN533 TX: ", DUMP_PREFIX_NONE, 16, 1,
657 out_frame, PN533_FRAME_SIZE(out_frame), false);
658
659 rc = usb_submit_urb(dev->out_urb, GFP_KERNEL);
660 if (rc)
661 return rc;
662
663 rc = pn533_submit_urb_for_ack(dev, GFP_KERNEL);
664 if (rc)
665 goto error;
666
667 return 0;
668
669 error:
670 usb_unlink_urb(dev->out_urb);
671 return rc;
672 }
673
674 static void pn533_build_cmd_frame(u8 cmd_code, struct sk_buff *skb)
675 {
676 struct pn533_frame *frame;
677 /* payload is already there, just update datalen */
678 int payload_len = skb->len;
679
680 skb_push(skb, PN533_FRAME_HEADER_LEN);
681 skb_put(skb, PN533_FRAME_TAIL_LEN);
682
683 frame = (struct pn533_frame *)skb->data;
684
685 pn533_tx_frame_init(frame, cmd_code);
686 frame->datalen += payload_len;
687 pn533_tx_frame_finish(frame);
688 }
689
690 struct pn533_send_async_complete_arg {
691 pn533_send_async_complete_t complete_cb;
692 void *complete_cb_context;
693 struct sk_buff *resp;
694 struct sk_buff *req;
695 };
696
697 static int pn533_send_async_complete(struct pn533 *dev, void *_arg, u8 *params,
698 int params_len)
699 {
700 struct pn533_send_async_complete_arg *arg = _arg;
701
702 struct sk_buff *req = arg->req;
703 struct sk_buff *resp = arg->resp;
704
705 struct pn533_frame *frame = (struct pn533_frame *)resp->data;
706 int rc;
707
708 dev_kfree_skb(req);
709
710 if (params_len < 0) {
711 nfc_dev_err(&dev->interface->dev,
712 "Error %d when starting as a target",
713 params_len);
714
715 arg->complete_cb(dev, arg->complete_cb_context,
716 ERR_PTR(params_len));
717 rc = params_len;
718 dev_kfree_skb(resp);
719 goto out;
720 }
721
722 skb_put(resp, PN533_FRAME_SIZE(frame));
723 skb_pull(resp, PN533_FRAME_HEADER_LEN);
724 skb_trim(resp, resp->len - PN533_FRAME_TAIL_LEN);
725
726 rc = arg->complete_cb(dev, arg->complete_cb_context, resp);
727
728 out:
729 kfree(arg);
730 return rc;
731 }
732
733 static int __pn533_send_async(struct pn533 *dev, u8 cmd_code,
734 struct sk_buff *req, struct sk_buff *resp,
735 int resp_len,
736 pn533_send_async_complete_t complete_cb,
737 void *complete_cb_context)
738 {
739 struct pn533_cmd *cmd;
740 struct pn533_send_async_complete_arg *arg;
741 int rc = 0;
742
743 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
744
745 arg = kzalloc(sizeof(arg), GFP_KERNEL);
746 if (!arg)
747 return -ENOMEM;
748
749 arg->complete_cb = complete_cb;
750 arg->complete_cb_context = complete_cb_context;
751 arg->resp = resp;
752 arg->req = req;
753
754 pn533_build_cmd_frame(cmd_code, req);
755
756 mutex_lock(&dev->cmd_lock);
757
758 if (!dev->cmd_pending) {
759 rc = __pn533_send_cmd_frame_async(dev,
760 (struct pn533_frame *)req->data,
761 (struct pn533_frame *)resp->data,
762 resp_len, pn533_send_async_complete,
763 arg);
764 if (rc)
765 goto error;
766
767 dev->cmd_pending = 1;
768 goto unlock;
769 }
770
771 nfc_dev_dbg(&dev->interface->dev, "%s Queueing command", __func__);
772
773 cmd = kzalloc(sizeof(struct pn533_cmd), GFP_KERNEL);
774 if (!cmd) {
775 rc = -ENOMEM;
776 goto error;
777 }
778
779 INIT_LIST_HEAD(&cmd->queue);
780 cmd->cmd_code = cmd_code;
781 cmd->req = req;
782 cmd->resp = resp;
783 cmd->arg = arg;
784
785 list_add_tail(&cmd->queue, &dev->cmd_queue);
786
787 goto unlock;
788
789 error:
790 kfree(arg);
791 unlock:
792 mutex_unlock(&dev->cmd_lock);
793 return rc;
794 }
795
796 static int pn533_send_data_async(struct pn533 *dev, u8 cmd_code,
797 struct sk_buff *req,
798 pn533_send_async_complete_t complete_cb,
799 void *complete_cb_context)
800 {
801 struct sk_buff *resp;
802 int rc;
803 int resp_len = PN533_FRAME_HEADER_LEN +
804 PN533_FRAME_MAX_PAYLOAD_LEN +
805 PN533_FRAME_TAIL_LEN;
806
807 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
808
809 resp = nfc_alloc_recv_skb(resp_len, GFP_KERNEL);
810 if (!resp)
811 return -ENOMEM;
812
813 rc = __pn533_send_async(dev, cmd_code, req, resp, resp_len, complete_cb,
814 complete_cb_context);
815 if (rc)
816 dev_kfree_skb(resp);
817
818 return rc;
819 }
820
821 static int pn533_send_cmd_async(struct pn533 *dev, u8 cmd_code,
822 struct sk_buff *req,
823 pn533_send_async_complete_t complete_cb,
824 void *complete_cb_context)
825 {
826 struct sk_buff *resp;
827 int rc;
828
829 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
830
831 resp = alloc_skb(PN533_NORMAL_FRAME_MAX_LEN, GFP_KERNEL);
832 if (!resp)
833 return -ENOMEM;
834
835 rc = __pn533_send_async(dev, cmd_code, req, resp,
836 PN533_NORMAL_FRAME_MAX_LEN,
837 complete_cb, complete_cb_context);
838 if (rc)
839 dev_kfree_skb(resp);
840
841 return rc;
842 }
843
844 /*
845 * pn533_send_cmd_direct_async
846 *
847 * The function sends a piority cmd directly to the chip omiting the cmd
848 * queue. It's intended to be used by chaining mechanism of received responses
849 * where the host has to request every single chunk of data before scheduling
850 * next cmd from the queue.
851 */
852 static int pn533_send_cmd_direct_async(struct pn533 *dev, u8 cmd_code,
853 struct sk_buff *req,
854 pn533_send_async_complete_t complete_cb,
855 void *complete_cb_context)
856 {
857 struct pn533_send_async_complete_arg *arg;
858 struct sk_buff *resp;
859 int rc;
860 int resp_len = PN533_FRAME_HEADER_LEN +
861 PN533_FRAME_MAX_PAYLOAD_LEN +
862 PN533_FRAME_TAIL_LEN;
863
864 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
865
866 resp = alloc_skb(resp_len, GFP_KERNEL);
867 if (!resp)
868 return -ENOMEM;
869
870 arg = kzalloc(sizeof(arg), GFP_KERNEL);
871 if (!arg) {
872 dev_kfree_skb(resp);
873 return -ENOMEM;
874 }
875
876 arg->complete_cb = complete_cb;
877 arg->complete_cb_context = complete_cb_context;
878 arg->resp = resp;
879 arg->req = req;
880
881 pn533_build_cmd_frame(cmd_code, req);
882
883 rc = __pn533_send_cmd_frame_async(dev, (struct pn533_frame *)req->data,
884 (struct pn533_frame *)resp->data,
885 resp_len, pn533_send_async_complete,
886 arg);
887 if (rc < 0) {
888 dev_kfree_skb(resp);
889 kfree(arg);
890 }
891
892 return rc;
893 }
894
895 static void pn533_wq_cmd(struct work_struct *work)
896 {
897 struct pn533 *dev = container_of(work, struct pn533, cmd_work);
898 struct pn533_cmd *cmd;
899
900 mutex_lock(&dev->cmd_lock);
901
902 if (list_empty(&dev->cmd_queue)) {
903 dev->cmd_pending = 0;
904 mutex_unlock(&dev->cmd_lock);
905 return;
906 }
907
908 cmd = list_first_entry(&dev->cmd_queue, struct pn533_cmd, queue);
909
910 list_del(&cmd->queue);
911
912 mutex_unlock(&dev->cmd_lock);
913
914 if (cmd->cmd_code != PN533_CMD_UNDEF)
915 __pn533_send_cmd_frame_async(dev,
916 (struct pn533_frame *)cmd->req->data,
917 (struct pn533_frame *)cmd->resp->data,
918 PN533_NORMAL_FRAME_MAX_LEN,
919 pn533_send_async_complete,
920 cmd->arg);
921 else
922 __pn533_send_cmd_frame_async(dev, cmd->out_frame, cmd->in_frame,
923 cmd->in_frame_len,
924 cmd->cmd_complete, cmd->arg);
925
926 kfree(cmd);
927 }
928
929 static int pn533_send_cmd_frame_async(struct pn533 *dev,
930 struct pn533_frame *out_frame,
931 struct pn533_frame *in_frame,
932 int in_frame_len,
933 pn533_cmd_complete_t cmd_complete,
934 void *arg)
935 {
936 struct pn533_cmd *cmd;
937 int rc = 0;
938
939 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
940
941 mutex_lock(&dev->cmd_lock);
942
943 if (!dev->cmd_pending) {
944 rc = __pn533_send_cmd_frame_async(dev, out_frame, in_frame,
945 in_frame_len, cmd_complete,
946 arg);
947 if (!rc)
948 dev->cmd_pending = 1;
949
950 goto unlock;
951 }
952
953 nfc_dev_dbg(&dev->interface->dev, "%s Queueing command", __func__);
954
955 cmd = kzalloc(sizeof(struct pn533_cmd), GFP_KERNEL);
956 if (!cmd) {
957 rc = -ENOMEM;
958 goto unlock;
959 }
960
961 INIT_LIST_HEAD(&cmd->queue);
962 cmd->out_frame = out_frame;
963 cmd->in_frame = in_frame;
964 cmd->in_frame_len = in_frame_len;
965 cmd->cmd_code = PN533_CMD_UNDEF;
966 cmd->cmd_complete = cmd_complete;
967 cmd->arg = arg;
968
969 list_add_tail(&cmd->queue, &dev->cmd_queue);
970
971 unlock:
972 mutex_unlock(&dev->cmd_lock);
973
974 return rc;
975 }
976
977 struct pn533_sync_cmd_response {
978 struct sk_buff *resp;
979 struct completion done;
980 };
981
982 static int pn533_send_sync_complete(struct pn533 *dev, void *_arg,
983 struct sk_buff *resp)
984 {
985 struct pn533_sync_cmd_response *arg = _arg;
986
987 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
988
989 arg->resp = resp;
990 complete(&arg->done);
991
992 return 0;
993 }
994
995 /* pn533_send_cmd_sync
996 *
997 * Please note the req parameter is freed inside the function to
998 * limit a number of return value interpretations by the caller.
999 *
1000 * 1. negative in case of error during TX path -> req should be freed
1001 *
1002 * 2. negative in case of error during RX path -> req should not be freed
1003 * as it's been already freed at the begining of RX path by
1004 * async_complete_cb.
1005 *
1006 * 3. valid pointer in case of succesfult RX path
1007 *
1008 * A caller has to check a return value with IS_ERR macro. If the test pass,
1009 * the returned pointer is valid.
1010 *
1011 * */
1012 static struct sk_buff *pn533_send_cmd_sync(struct pn533 *dev, u8 cmd_code,
1013 struct sk_buff *req)
1014 {
1015 int rc;
1016 struct pn533_sync_cmd_response arg;
1017
1018 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1019
1020 init_completion(&arg.done);
1021
1022 rc = pn533_send_cmd_async(dev, cmd_code, req,
1023 pn533_send_sync_complete, &arg);
1024 if (rc) {
1025 dev_kfree_skb(req);
1026 return ERR_PTR(rc);
1027 }
1028
1029 wait_for_completion(&arg.done);
1030
1031 return arg.resp;
1032 }
1033
1034 static void pn533_send_complete(struct urb *urb)
1035 {
1036 struct pn533 *dev = urb->context;
1037
1038 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1039
1040 switch (urb->status) {
1041 case 0:
1042 /* success */
1043 break;
1044 case -ECONNRESET:
1045 case -ENOENT:
1046 case -ESHUTDOWN:
1047 nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
1048 " status: %d", urb->status);
1049 break;
1050 default:
1051 nfc_dev_dbg(&dev->interface->dev, "Nonzero urb status received:"
1052 " %d", urb->status);
1053 }
1054 }
1055
1056 static struct sk_buff *pn533_alloc_skb(unsigned int size)
1057 {
1058 struct sk_buff *skb;
1059
1060 skb = alloc_skb(PN533_FRAME_HEADER_LEN +
1061 size +
1062 PN533_FRAME_TAIL_LEN, GFP_KERNEL);
1063
1064 if (skb)
1065 skb_reserve(skb, PN533_FRAME_HEADER_LEN);
1066
1067 return skb;
1068 }
1069
1070 struct pn533_target_type_a {
1071 __be16 sens_res;
1072 u8 sel_res;
1073 u8 nfcid_len;
1074 u8 nfcid_data[];
1075 } __packed;
1076
1077
1078 #define PN533_TYPE_A_SENS_RES_NFCID1(x) ((u8)((be16_to_cpu(x) & 0x00C0) >> 6))
1079 #define PN533_TYPE_A_SENS_RES_SSD(x) ((u8)((be16_to_cpu(x) & 0x001F) >> 0))
1080 #define PN533_TYPE_A_SENS_RES_PLATCONF(x) ((u8)((be16_to_cpu(x) & 0x0F00) >> 8))
1081
1082 #define PN533_TYPE_A_SENS_RES_SSD_JEWEL 0x00
1083 #define PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL 0x0C
1084
1085 #define PN533_TYPE_A_SEL_PROT(x) (((x) & 0x60) >> 5)
1086 #define PN533_TYPE_A_SEL_CASCADE(x) (((x) & 0x04) >> 2)
1087
1088 #define PN533_TYPE_A_SEL_PROT_MIFARE 0
1089 #define PN533_TYPE_A_SEL_PROT_ISO14443 1
1090 #define PN533_TYPE_A_SEL_PROT_DEP 2
1091 #define PN533_TYPE_A_SEL_PROT_ISO14443_DEP 3
1092
1093 static bool pn533_target_type_a_is_valid(struct pn533_target_type_a *type_a,
1094 int target_data_len)
1095 {
1096 u8 ssd;
1097 u8 platconf;
1098
1099 if (target_data_len < sizeof(struct pn533_target_type_a))
1100 return false;
1101
1102 /* The lenght check of nfcid[] and ats[] are not being performed because
1103 the values are not being used */
1104
1105 /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
1106 ssd = PN533_TYPE_A_SENS_RES_SSD(type_a->sens_res);
1107 platconf = PN533_TYPE_A_SENS_RES_PLATCONF(type_a->sens_res);
1108
1109 if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1110 platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
1111 (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1112 platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
1113 return false;
1114
1115 /* Requirements 4.8.2.1, 4.8.2.3, 4.8.2.5 and 4.8.2.7 from NFC Forum */
1116 if (PN533_TYPE_A_SEL_CASCADE(type_a->sel_res) != 0)
1117 return false;
1118
1119 return true;
1120 }
1121
1122 static int pn533_target_found_type_a(struct nfc_target *nfc_tgt, u8 *tgt_data,
1123 int tgt_data_len)
1124 {
1125 struct pn533_target_type_a *tgt_type_a;
1126
1127 tgt_type_a = (struct pn533_target_type_a *) tgt_data;
1128
1129 if (!pn533_target_type_a_is_valid(tgt_type_a, tgt_data_len))
1130 return -EPROTO;
1131
1132 switch (PN533_TYPE_A_SEL_PROT(tgt_type_a->sel_res)) {
1133 case PN533_TYPE_A_SEL_PROT_MIFARE:
1134 nfc_tgt->supported_protocols = NFC_PROTO_MIFARE_MASK;
1135 break;
1136 case PN533_TYPE_A_SEL_PROT_ISO14443:
1137 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK;
1138 break;
1139 case PN533_TYPE_A_SEL_PROT_DEP:
1140 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1141 break;
1142 case PN533_TYPE_A_SEL_PROT_ISO14443_DEP:
1143 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK |
1144 NFC_PROTO_NFC_DEP_MASK;
1145 break;
1146 }
1147
1148 nfc_tgt->sens_res = be16_to_cpu(tgt_type_a->sens_res);
1149 nfc_tgt->sel_res = tgt_type_a->sel_res;
1150 nfc_tgt->nfcid1_len = tgt_type_a->nfcid_len;
1151 memcpy(nfc_tgt->nfcid1, tgt_type_a->nfcid_data, nfc_tgt->nfcid1_len);
1152
1153 return 0;
1154 }
1155
1156 struct pn533_target_felica {
1157 u8 pol_res;
1158 u8 opcode;
1159 u8 nfcid2[8];
1160 u8 pad[8];
1161 /* optional */
1162 u8 syst_code[];
1163 } __packed;
1164
1165 #define PN533_FELICA_SENSF_NFCID2_DEP_B1 0x01
1166 #define PN533_FELICA_SENSF_NFCID2_DEP_B2 0xFE
1167
1168 static bool pn533_target_felica_is_valid(struct pn533_target_felica *felica,
1169 int target_data_len)
1170 {
1171 if (target_data_len < sizeof(struct pn533_target_felica))
1172 return false;
1173
1174 if (felica->opcode != PN533_FELICA_OPC_SENSF_RES)
1175 return false;
1176
1177 return true;
1178 }
1179
1180 static int pn533_target_found_felica(struct nfc_target *nfc_tgt, u8 *tgt_data,
1181 int tgt_data_len)
1182 {
1183 struct pn533_target_felica *tgt_felica;
1184
1185 tgt_felica = (struct pn533_target_felica *) tgt_data;
1186
1187 if (!pn533_target_felica_is_valid(tgt_felica, tgt_data_len))
1188 return -EPROTO;
1189
1190 if (tgt_felica->nfcid2[0] == PN533_FELICA_SENSF_NFCID2_DEP_B1 &&
1191 tgt_felica->nfcid2[1] ==
1192 PN533_FELICA_SENSF_NFCID2_DEP_B2)
1193 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1194 else
1195 nfc_tgt->supported_protocols = NFC_PROTO_FELICA_MASK;
1196
1197 memcpy(nfc_tgt->sensf_res, &tgt_felica->opcode, 9);
1198 nfc_tgt->sensf_res_len = 9;
1199
1200 return 0;
1201 }
1202
1203 struct pn533_target_jewel {
1204 __be16 sens_res;
1205 u8 jewelid[4];
1206 } __packed;
1207
1208 static bool pn533_target_jewel_is_valid(struct pn533_target_jewel *jewel,
1209 int target_data_len)
1210 {
1211 u8 ssd;
1212 u8 platconf;
1213
1214 if (target_data_len < sizeof(struct pn533_target_jewel))
1215 return false;
1216
1217 /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
1218 ssd = PN533_TYPE_A_SENS_RES_SSD(jewel->sens_res);
1219 platconf = PN533_TYPE_A_SENS_RES_PLATCONF(jewel->sens_res);
1220
1221 if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1222 platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
1223 (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1224 platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
1225 return false;
1226
1227 return true;
1228 }
1229
1230 static int pn533_target_found_jewel(struct nfc_target *nfc_tgt, u8 *tgt_data,
1231 int tgt_data_len)
1232 {
1233 struct pn533_target_jewel *tgt_jewel;
1234
1235 tgt_jewel = (struct pn533_target_jewel *) tgt_data;
1236
1237 if (!pn533_target_jewel_is_valid(tgt_jewel, tgt_data_len))
1238 return -EPROTO;
1239
1240 nfc_tgt->supported_protocols = NFC_PROTO_JEWEL_MASK;
1241 nfc_tgt->sens_res = be16_to_cpu(tgt_jewel->sens_res);
1242 nfc_tgt->nfcid1_len = 4;
1243 memcpy(nfc_tgt->nfcid1, tgt_jewel->jewelid, nfc_tgt->nfcid1_len);
1244
1245 return 0;
1246 }
1247
1248 struct pn533_type_b_prot_info {
1249 u8 bitrate;
1250 u8 fsci_type;
1251 u8 fwi_adc_fo;
1252 } __packed;
1253
1254 #define PN533_TYPE_B_PROT_FCSI(x) (((x) & 0xF0) >> 4)
1255 #define PN533_TYPE_B_PROT_TYPE(x) (((x) & 0x0F) >> 0)
1256 #define PN533_TYPE_B_PROT_TYPE_RFU_MASK 0x8
1257
1258 struct pn533_type_b_sens_res {
1259 u8 opcode;
1260 u8 nfcid[4];
1261 u8 appdata[4];
1262 struct pn533_type_b_prot_info prot_info;
1263 } __packed;
1264
1265 #define PN533_TYPE_B_OPC_SENSB_RES 0x50
1266
1267 struct pn533_target_type_b {
1268 struct pn533_type_b_sens_res sensb_res;
1269 u8 attrib_res_len;
1270 u8 attrib_res[];
1271 } __packed;
1272
1273 static bool pn533_target_type_b_is_valid(struct pn533_target_type_b *type_b,
1274 int target_data_len)
1275 {
1276 if (target_data_len < sizeof(struct pn533_target_type_b))
1277 return false;
1278
1279 if (type_b->sensb_res.opcode != PN533_TYPE_B_OPC_SENSB_RES)
1280 return false;
1281
1282 if (PN533_TYPE_B_PROT_TYPE(type_b->sensb_res.prot_info.fsci_type) &
1283 PN533_TYPE_B_PROT_TYPE_RFU_MASK)
1284 return false;
1285
1286 return true;
1287 }
1288
1289 static int pn533_target_found_type_b(struct nfc_target *nfc_tgt, u8 *tgt_data,
1290 int tgt_data_len)
1291 {
1292 struct pn533_target_type_b *tgt_type_b;
1293
1294 tgt_type_b = (struct pn533_target_type_b *) tgt_data;
1295
1296 if (!pn533_target_type_b_is_valid(tgt_type_b, tgt_data_len))
1297 return -EPROTO;
1298
1299 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_B_MASK;
1300
1301 return 0;
1302 }
1303
1304 static int pn533_target_found(struct pn533 *dev, u8 tg, u8 *tgdata,
1305 int tgdata_len)
1306 {
1307 struct nfc_target nfc_tgt;
1308 int rc;
1309
1310 nfc_dev_dbg(&dev->interface->dev, "%s - modulation=%d", __func__,
1311 dev->poll_mod_curr);
1312
1313 if (tg != 1)
1314 return -EPROTO;
1315
1316 memset(&nfc_tgt, 0, sizeof(struct nfc_target));
1317
1318 switch (dev->poll_mod_curr) {
1319 case PN533_POLL_MOD_106KBPS_A:
1320 rc = pn533_target_found_type_a(&nfc_tgt, tgdata, tgdata_len);
1321 break;
1322 case PN533_POLL_MOD_212KBPS_FELICA:
1323 case PN533_POLL_MOD_424KBPS_FELICA:
1324 rc = pn533_target_found_felica(&nfc_tgt, tgdata, tgdata_len);
1325 break;
1326 case PN533_POLL_MOD_106KBPS_JEWEL:
1327 rc = pn533_target_found_jewel(&nfc_tgt, tgdata, tgdata_len);
1328 break;
1329 case PN533_POLL_MOD_847KBPS_B:
1330 rc = pn533_target_found_type_b(&nfc_tgt, tgdata, tgdata_len);
1331 break;
1332 default:
1333 nfc_dev_err(&dev->interface->dev,
1334 "Unknown current poll modulation");
1335 return -EPROTO;
1336 }
1337
1338 if (rc)
1339 return rc;
1340
1341 if (!(nfc_tgt.supported_protocols & dev->poll_protocols)) {
1342 nfc_dev_dbg(&dev->interface->dev,
1343 "The Tg found doesn't have the desired protocol");
1344 return -EAGAIN;
1345 }
1346
1347 nfc_dev_dbg(&dev->interface->dev,
1348 "Target found - supported protocols: 0x%x",
1349 nfc_tgt.supported_protocols);
1350
1351 dev->tgt_available_prots = nfc_tgt.supported_protocols;
1352
1353 nfc_targets_found(dev->nfc_dev, &nfc_tgt, 1);
1354
1355 return 0;
1356 }
1357
1358 static inline void pn533_poll_next_mod(struct pn533 *dev)
1359 {
1360 dev->poll_mod_curr = (dev->poll_mod_curr + 1) % dev->poll_mod_count;
1361 }
1362
1363 static void pn533_poll_reset_mod_list(struct pn533 *dev)
1364 {
1365 dev->poll_mod_count = 0;
1366 }
1367
1368 static void pn533_poll_add_mod(struct pn533 *dev, u8 mod_index)
1369 {
1370 dev->poll_mod_active[dev->poll_mod_count] =
1371 (struct pn533_poll_modulations *) &poll_mod[mod_index];
1372 dev->poll_mod_count++;
1373 }
1374
1375 static void pn533_poll_create_mod_list(struct pn533 *dev,
1376 u32 im_protocols, u32 tm_protocols)
1377 {
1378 pn533_poll_reset_mod_list(dev);
1379
1380 if (im_protocols & NFC_PROTO_MIFARE_MASK
1381 || im_protocols & NFC_PROTO_ISO14443_MASK
1382 || im_protocols & NFC_PROTO_NFC_DEP_MASK)
1383 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_A);
1384
1385 if (im_protocols & NFC_PROTO_FELICA_MASK
1386 || im_protocols & NFC_PROTO_NFC_DEP_MASK) {
1387 pn533_poll_add_mod(dev, PN533_POLL_MOD_212KBPS_FELICA);
1388 pn533_poll_add_mod(dev, PN533_POLL_MOD_424KBPS_FELICA);
1389 }
1390
1391 if (im_protocols & NFC_PROTO_JEWEL_MASK)
1392 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_JEWEL);
1393
1394 if (im_protocols & NFC_PROTO_ISO14443_B_MASK)
1395 pn533_poll_add_mod(dev, PN533_POLL_MOD_847KBPS_B);
1396
1397 if (tm_protocols)
1398 pn533_poll_add_mod(dev, PN533_LISTEN_MOD);
1399 }
1400
1401 static int pn533_start_poll_complete(struct pn533 *dev, struct sk_buff *resp)
1402 {
1403 u8 nbtg, tg, *tgdata;
1404 int rc, tgdata_len;
1405
1406 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1407
1408 nbtg = resp->data[0];
1409 tg = resp->data[1];
1410 tgdata = &resp->data[2];
1411 tgdata_len = resp->len - 2; /* nbtg + tg */
1412
1413 if (nbtg) {
1414 rc = pn533_target_found(dev, tg, tgdata, tgdata_len);
1415
1416 /* We must stop the poll after a valid target found */
1417 if (rc == 0) {
1418 pn533_poll_reset_mod_list(dev);
1419 return 0;
1420 }
1421 }
1422
1423 return -EAGAIN;
1424 }
1425
1426 static struct sk_buff *pn533_alloc_poll_tg_frame(u8 *gbytes, size_t gbytes_len)
1427 {
1428 struct sk_buff *skb;
1429 u8 *felica, *nfcid3, *gb;
1430
1431 u8 felica_params[18] = {0x1, 0xfe, /* DEP */
1432 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, /* random */
1433 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
1434 0xff, 0xff}; /* System code */
1435
1436 u8 mifare_params[6] = {0x1, 0x1, /* SENS_RES */
1437 0x0, 0x0, 0x0,
1438 0x40}; /* SEL_RES for DEP */
1439
1440 unsigned int skb_len = 36 + /* mode (1), mifare (6),
1441 felica (18), nfcid3 (10), gb_len (1) */
1442 gbytes_len +
1443 1; /* len Tk*/
1444
1445 skb = pn533_alloc_skb(skb_len);
1446 if (!skb)
1447 return NULL;
1448
1449 /* DEP support only */
1450 *skb_put(skb, 1) |= PN533_INIT_TARGET_DEP;
1451
1452 /* MIFARE params */
1453 memcpy(skb_put(skb, 6), mifare_params, 6);
1454
1455 /* Felica params */
1456 felica = skb_put(skb, 18);
1457 memcpy(felica, felica_params, 18);
1458 get_random_bytes(felica + 2, 6);
1459
1460 /* NFCID3 */
1461 nfcid3 = skb_put(skb, 10);
1462 memset(nfcid3, 0, 10);
1463 memcpy(nfcid3, felica, 8);
1464
1465 /* General bytes */
1466 *skb_put(skb, 1) = gbytes_len;
1467
1468 gb = skb_put(skb, gbytes_len);
1469 memcpy(gb, gbytes, gbytes_len);
1470
1471 /* Len Tk */
1472 *skb_put(skb, 1) = 0;
1473
1474 return skb;
1475 }
1476
1477 #define PN533_CMD_DATAEXCH_HEAD_LEN 1
1478 #define PN533_CMD_DATAEXCH_DATA_MAXLEN 262
1479 static int pn533_tm_get_data_complete(struct pn533 *dev, void *arg,
1480 struct sk_buff *resp)
1481 {
1482 u8 status;
1483
1484 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1485
1486 if (IS_ERR(resp))
1487 return PTR_ERR(resp);
1488
1489 status = resp->data[0];
1490 skb_pull(resp, sizeof(status));
1491
1492 if (status != 0) {
1493 nfc_tm_deactivated(dev->nfc_dev);
1494 dev->tgt_mode = 0;
1495 dev_kfree_skb(resp);
1496 return 0;
1497 }
1498
1499 return nfc_tm_data_received(dev->nfc_dev, resp);
1500 }
1501
1502 static void pn533_wq_tg_get_data(struct work_struct *work)
1503 {
1504 struct pn533 *dev = container_of(work, struct pn533, tg_work);
1505
1506 struct sk_buff *skb;
1507 int rc;
1508
1509 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1510
1511 skb = pn533_alloc_skb(0);
1512 if (!skb)
1513 return;
1514
1515 rc = pn533_send_data_async(dev, PN533_CMD_TG_GET_DATA, skb,
1516 pn533_tm_get_data_complete, NULL);
1517
1518 if (rc < 0)
1519 dev_kfree_skb(skb);
1520
1521 return;
1522 }
1523
1524 #define ATR_REQ_GB_OFFSET 17
1525 static int pn533_init_target_complete(struct pn533 *dev, struct sk_buff *resp)
1526 {
1527 u8 mode, *cmd, comm_mode = NFC_COMM_PASSIVE, *gb;
1528 size_t gb_len;
1529 int rc;
1530
1531 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1532
1533 if (resp->len < ATR_REQ_GB_OFFSET + 1)
1534 return -EINVAL;
1535
1536 mode = resp->data[0];
1537 cmd = &resp->data[1];
1538
1539 nfc_dev_dbg(&dev->interface->dev, "Target mode 0x%x len %d\n",
1540 mode, resp->len);
1541
1542 if ((mode & PN533_INIT_TARGET_RESP_FRAME_MASK) ==
1543 PN533_INIT_TARGET_RESP_ACTIVE)
1544 comm_mode = NFC_COMM_ACTIVE;
1545
1546 if ((mode & PN533_INIT_TARGET_RESP_DEP) == 0) /* Only DEP supported */
1547 return -EOPNOTSUPP;
1548
1549 gb = cmd + ATR_REQ_GB_OFFSET;
1550 gb_len = resp->len - (ATR_REQ_GB_OFFSET + 1);
1551
1552 rc = nfc_tm_activated(dev->nfc_dev, NFC_PROTO_NFC_DEP_MASK,
1553 comm_mode, gb, gb_len);
1554 if (rc < 0) {
1555 nfc_dev_err(&dev->interface->dev,
1556 "Error when signaling target activation");
1557 return rc;
1558 }
1559
1560 dev->tgt_mode = 1;
1561 queue_work(dev->wq, &dev->tg_work);
1562
1563 return 0;
1564 }
1565
1566 static void pn533_listen_mode_timer(unsigned long data)
1567 {
1568 struct pn533 *dev = (struct pn533 *) data;
1569
1570 nfc_dev_dbg(&dev->interface->dev, "Listen mode timeout");
1571
1572 /* An ack will cancel the last issued command (poll) */
1573 pn533_send_ack(dev, GFP_ATOMIC);
1574
1575 dev->cancel_listen = 1;
1576
1577 pn533_poll_next_mod(dev);
1578
1579 queue_work(dev->wq, &dev->poll_work);
1580 }
1581
1582 static int pn533_poll_complete(struct pn533 *dev, void *arg,
1583 struct sk_buff *resp)
1584 {
1585 struct pn533_poll_modulations *cur_mod;
1586 int rc;
1587
1588 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1589
1590 if (IS_ERR(resp)) {
1591 rc = PTR_ERR(resp);
1592
1593 nfc_dev_err(&dev->interface->dev, "%s Poll complete error %d",
1594 __func__, rc);
1595
1596 if (rc == -ENOENT) {
1597 if (dev->poll_mod_count != 0)
1598 return rc;
1599 else
1600 goto stop_poll;
1601 } else if (rc < 0) {
1602 nfc_dev_err(&dev->interface->dev,
1603 "Error %d when running poll", rc);
1604 goto stop_poll;
1605 }
1606 }
1607
1608 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1609
1610 if (cur_mod->len == 0) { /* Target mode */
1611 del_timer(&dev->listen_timer);
1612 rc = pn533_init_target_complete(dev, resp);
1613 goto done;
1614 }
1615
1616 /* Initiator mode */
1617 rc = pn533_start_poll_complete(dev, resp);
1618 if (!rc)
1619 goto done;
1620
1621 pn533_poll_next_mod(dev);
1622 queue_work(dev->wq, &dev->poll_work);
1623
1624 done:
1625 dev_kfree_skb(resp);
1626 return rc;
1627
1628 stop_poll:
1629 nfc_dev_err(&dev->interface->dev, "Polling operation has been stopped");
1630
1631 pn533_poll_reset_mod_list(dev);
1632 dev->poll_protocols = 0;
1633 return rc;
1634 }
1635
1636 static struct sk_buff *pn533_alloc_poll_in_frame(struct pn533_poll_modulations
1637 *mod)
1638 {
1639 struct sk_buff *skb;
1640
1641 skb = pn533_alloc_skb(mod->len);
1642 if (!skb)
1643 return NULL;
1644
1645 memcpy(skb_put(skb, mod->len), &mod->data, mod->len);
1646
1647 return skb;
1648 }
1649
1650 static int pn533_send_poll_frame(struct pn533 *dev)
1651 {
1652 struct pn533_poll_modulations *mod;
1653 struct sk_buff *skb;
1654 int rc;
1655 u8 cmd_code;
1656
1657 mod = dev->poll_mod_active[dev->poll_mod_curr];
1658
1659 nfc_dev_dbg(&dev->interface->dev, "%s mod len %d\n",
1660 __func__, mod->len);
1661
1662 if (mod->len == 0) { /* Listen mode */
1663 cmd_code = PN533_CMD_TG_INIT_AS_TARGET;
1664 skb = pn533_alloc_poll_tg_frame(dev->gb, dev->gb_len);
1665 } else { /* Polling mode */
1666 cmd_code = PN533_CMD_IN_LIST_PASSIVE_TARGET;
1667 skb = pn533_alloc_poll_in_frame(mod);
1668 }
1669
1670 if (!skb) {
1671 nfc_dev_err(&dev->interface->dev, "Failed to allocate skb.");
1672 return -ENOMEM;
1673 }
1674
1675 rc = pn533_send_cmd_async(dev, cmd_code, skb, pn533_poll_complete,
1676 NULL);
1677 if (rc < 0) {
1678 dev_kfree_skb(skb);
1679 nfc_dev_err(&dev->interface->dev, "Polling loop error %d", rc);
1680 }
1681
1682 return rc;
1683 }
1684
1685 static void pn533_wq_poll(struct work_struct *work)
1686 {
1687 struct pn533 *dev = container_of(work, struct pn533, poll_work);
1688 struct pn533_poll_modulations *cur_mod;
1689 int rc;
1690
1691 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1692
1693 nfc_dev_dbg(&dev->interface->dev,
1694 "%s cancel_listen %d modulation len %d",
1695 __func__, dev->cancel_listen, cur_mod->len);
1696
1697 if (dev->cancel_listen == 1) {
1698 dev->cancel_listen = 0;
1699 usb_kill_urb(dev->in_urb);
1700 }
1701
1702 rc = pn533_send_poll_frame(dev);
1703 if (rc)
1704 return;
1705
1706 if (cur_mod->len == 0 && dev->poll_mod_count > 1)
1707 mod_timer(&dev->listen_timer, jiffies + PN533_LISTEN_TIME * HZ);
1708
1709 return;
1710 }
1711
1712 static int pn533_start_poll(struct nfc_dev *nfc_dev,
1713 u32 im_protocols, u32 tm_protocols)
1714 {
1715 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1716
1717 nfc_dev_dbg(&dev->interface->dev,
1718 "%s: im protocols 0x%x tm protocols 0x%x",
1719 __func__, im_protocols, tm_protocols);
1720
1721 if (dev->tgt_active_prot) {
1722 nfc_dev_err(&dev->interface->dev,
1723 "Cannot poll with a target already activated");
1724 return -EBUSY;
1725 }
1726
1727 if (dev->tgt_mode) {
1728 nfc_dev_err(&dev->interface->dev,
1729 "Cannot poll while already being activated");
1730 return -EBUSY;
1731 }
1732
1733 if (tm_protocols) {
1734 dev->gb = nfc_get_local_general_bytes(nfc_dev, &dev->gb_len);
1735 if (dev->gb == NULL)
1736 tm_protocols = 0;
1737 }
1738
1739 dev->poll_mod_curr = 0;
1740 pn533_poll_create_mod_list(dev, im_protocols, tm_protocols);
1741 dev->poll_protocols = im_protocols;
1742 dev->listen_protocols = tm_protocols;
1743
1744 return pn533_send_poll_frame(dev);
1745 }
1746
1747 static void pn533_stop_poll(struct nfc_dev *nfc_dev)
1748 {
1749 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1750
1751 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1752
1753 del_timer(&dev->listen_timer);
1754
1755 if (!dev->poll_mod_count) {
1756 nfc_dev_dbg(&dev->interface->dev, "Polling operation was not"
1757 " running");
1758 return;
1759 }
1760
1761 /* An ack will cancel the last issued command (poll) */
1762 pn533_send_ack(dev, GFP_KERNEL);
1763
1764 /* prevent pn533_start_poll_complete to issue a new poll meanwhile */
1765 usb_kill_urb(dev->in_urb);
1766
1767 pn533_poll_reset_mod_list(dev);
1768 }
1769
1770 static int pn533_activate_target_nfcdep(struct pn533 *dev)
1771 {
1772 struct pn533_cmd_activate_response *rsp;
1773 u16 gt_len;
1774 int rc;
1775
1776 struct sk_buff *skb;
1777 struct sk_buff *resp;
1778
1779 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1780
1781 skb = pn533_alloc_skb(sizeof(u8) * 2); /*TG + Next*/
1782 if (!skb)
1783 return -ENOMEM;
1784
1785 *skb_put(skb, sizeof(u8)) = 1; /* TG */
1786 *skb_put(skb, sizeof(u8)) = 0; /* Next */
1787
1788 resp = pn533_send_cmd_sync(dev, PN533_CMD_IN_ATR, skb);
1789 if (IS_ERR(resp))
1790 return PTR_ERR(resp);
1791
1792 rsp = (struct pn533_cmd_activate_response *) resp->data;
1793 rc = rsp->status & PN533_CMD_RET_MASK;
1794 if (rc != PN533_CMD_RET_SUCCESS)
1795 dev_kfree_skb(resp);
1796 return -EIO;
1797
1798 /* ATR_RES general bytes are located at offset 16 */
1799 gt_len = resp->len - 16;
1800 rc = nfc_set_remote_general_bytes(dev->nfc_dev, rsp->gt, gt_len);
1801
1802 dev_kfree_skb(resp);
1803 return rc;
1804 }
1805
1806 static int pn533_activate_target(struct nfc_dev *nfc_dev,
1807 struct nfc_target *target, u32 protocol)
1808 {
1809 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1810 int rc;
1811
1812 nfc_dev_dbg(&dev->interface->dev, "%s - protocol=%u", __func__,
1813 protocol);
1814
1815 if (dev->poll_mod_count) {
1816 nfc_dev_err(&dev->interface->dev, "Cannot activate while"
1817 " polling");
1818 return -EBUSY;
1819 }
1820
1821 if (dev->tgt_active_prot) {
1822 nfc_dev_err(&dev->interface->dev, "There is already an active"
1823 " target");
1824 return -EBUSY;
1825 }
1826
1827 if (!dev->tgt_available_prots) {
1828 nfc_dev_err(&dev->interface->dev, "There is no available target"
1829 " to activate");
1830 return -EINVAL;
1831 }
1832
1833 if (!(dev->tgt_available_prots & (1 << protocol))) {
1834 nfc_dev_err(&dev->interface->dev, "The target does not support"
1835 " the requested protocol %u", protocol);
1836 return -EINVAL;
1837 }
1838
1839 if (protocol == NFC_PROTO_NFC_DEP) {
1840 rc = pn533_activate_target_nfcdep(dev);
1841 if (rc) {
1842 nfc_dev_err(&dev->interface->dev, "Error %d when"
1843 " activating target with"
1844 " NFC_DEP protocol", rc);
1845 return rc;
1846 }
1847 }
1848
1849 dev->tgt_active_prot = protocol;
1850 dev->tgt_available_prots = 0;
1851
1852 return 0;
1853 }
1854
1855 static void pn533_deactivate_target(struct nfc_dev *nfc_dev,
1856 struct nfc_target *target)
1857 {
1858 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1859
1860 struct sk_buff *skb;
1861 struct sk_buff *resp;
1862
1863 int rc;
1864
1865 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1866
1867 if (!dev->tgt_active_prot) {
1868 nfc_dev_err(&dev->interface->dev, "There is no active target");
1869 return;
1870 }
1871
1872 dev->tgt_active_prot = 0;
1873 skb_queue_purge(&dev->resp_q);
1874
1875 skb = pn533_alloc_skb(sizeof(u8));
1876 if (!skb)
1877 return;
1878
1879 *skb_put(skb, 1) = 1; /* TG*/
1880
1881 resp = pn533_send_cmd_sync(dev, PN533_CMD_IN_RELEASE, skb);
1882 if (IS_ERR(resp))
1883 return;
1884
1885 rc = resp->data[0] & PN533_CMD_RET_MASK;
1886 if (rc != PN533_CMD_RET_SUCCESS)
1887 nfc_dev_err(&dev->interface->dev, "Error 0x%x when releasing"
1888 " the target", rc);
1889
1890 dev_kfree_skb(resp);
1891 return;
1892 }
1893
1894
1895 static int pn533_in_dep_link_up_complete(struct pn533 *dev, void *arg,
1896 struct sk_buff *resp)
1897 {
1898 struct pn533_cmd_jump_dep_response *rsp;
1899 u8 target_gt_len;
1900 int rc;
1901 u8 active = *(u8 *)arg;
1902
1903 kfree(arg);
1904
1905 if (IS_ERR(resp))
1906 return PTR_ERR(resp);
1907
1908 if (dev->tgt_available_prots &&
1909 !(dev->tgt_available_prots & (1 << NFC_PROTO_NFC_DEP))) {
1910 nfc_dev_err(&dev->interface->dev,
1911 "The target does not support DEP");
1912 rc = -EINVAL;
1913 goto error;
1914 }
1915
1916 rsp = (struct pn533_cmd_jump_dep_response *)resp->data;
1917
1918 rc = rsp->status & PN533_CMD_RET_MASK;
1919 if (rc != PN533_CMD_RET_SUCCESS) {
1920 nfc_dev_err(&dev->interface->dev,
1921 "Bringing DEP link up failed %d", rc);
1922 goto error;
1923 }
1924
1925 if (!dev->tgt_available_prots) {
1926 struct nfc_target nfc_target;
1927
1928 nfc_dev_dbg(&dev->interface->dev, "Creating new target");
1929
1930 nfc_target.supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1931 nfc_target.nfcid1_len = 10;
1932 memcpy(nfc_target.nfcid1, rsp->nfcid3t, nfc_target.nfcid1_len);
1933 rc = nfc_targets_found(dev->nfc_dev, &nfc_target, 1);
1934 if (rc)
1935 goto error;
1936
1937 dev->tgt_available_prots = 0;
1938 }
1939
1940 dev->tgt_active_prot = NFC_PROTO_NFC_DEP;
1941
1942 /* ATR_RES general bytes are located at offset 17 */
1943 target_gt_len = resp->len - 17;
1944 rc = nfc_set_remote_general_bytes(dev->nfc_dev,
1945 rsp->gt, target_gt_len);
1946 if (rc == 0)
1947 rc = nfc_dep_link_is_up(dev->nfc_dev,
1948 dev->nfc_dev->targets[0].idx,
1949 !active, NFC_RF_INITIATOR);
1950
1951 error:
1952 dev_kfree_skb(resp);
1953 return rc;
1954 }
1955
1956 static int pn533_mod_to_baud(struct pn533 *dev)
1957 {
1958 switch (dev->poll_mod_curr) {
1959 case PN533_POLL_MOD_106KBPS_A:
1960 return 0;
1961 case PN533_POLL_MOD_212KBPS_FELICA:
1962 return 1;
1963 case PN533_POLL_MOD_424KBPS_FELICA:
1964 return 2;
1965 default:
1966 return -EINVAL;
1967 }
1968 }
1969
1970 #define PASSIVE_DATA_LEN 5
1971 static int pn533_dep_link_up(struct nfc_dev *nfc_dev, struct nfc_target *target,
1972 u8 comm_mode, u8* gb, size_t gb_len)
1973 {
1974 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1975 struct sk_buff *skb;
1976 int rc, baud, skb_len;
1977 u8 *next, *arg;
1978
1979 u8 passive_data[PASSIVE_DATA_LEN] = {0x00, 0xff, 0xff, 0x00, 0x3};
1980
1981 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1982
1983 if (dev->poll_mod_count) {
1984 nfc_dev_err(&dev->interface->dev,
1985 "Cannot bring the DEP link up while polling");
1986 return -EBUSY;
1987 }
1988
1989 if (dev->tgt_active_prot) {
1990 nfc_dev_err(&dev->interface->dev,
1991 "There is already an active target");
1992 return -EBUSY;
1993 }
1994
1995 baud = pn533_mod_to_baud(dev);
1996 if (baud < 0) {
1997 nfc_dev_err(&dev->interface->dev,
1998 "Invalid curr modulation %d", dev->poll_mod_curr);
1999 return baud;
2000 }
2001
2002 skb_len = 3 + gb_len; /* ActPass + BR + Next */
2003 if (comm_mode == NFC_COMM_PASSIVE)
2004 skb_len += PASSIVE_DATA_LEN;
2005
2006 skb = pn533_alloc_skb(skb_len);
2007 if (!skb)
2008 return -ENOMEM;
2009
2010 *skb_put(skb, 1) = !comm_mode; /* ActPass */
2011 *skb_put(skb, 1) = baud; /* Baud rate */
2012
2013 next = skb_put(skb, 1); /* Next */
2014 *next = 0;
2015
2016 if (comm_mode == NFC_COMM_PASSIVE && baud > 0) {
2017 memcpy(skb_put(skb, PASSIVE_DATA_LEN), passive_data,
2018 PASSIVE_DATA_LEN);
2019 *next |= 1;
2020 }
2021
2022 if (gb != NULL && gb_len > 0) {
2023 memcpy(skb_put(skb, gb_len), gb, gb_len);
2024 *next |= 4; /* We have some Gi */
2025 } else {
2026 *next = 0;
2027 }
2028
2029 arg = kmalloc(sizeof(*arg), GFP_KERNEL);
2030 if (!arg) {
2031 dev_kfree_skb(skb);
2032 return -ENOMEM;
2033 }
2034
2035 *arg = !comm_mode;
2036
2037 rc = pn533_send_cmd_async(dev, PN533_CMD_IN_JUMP_FOR_DEP, skb,
2038 pn533_in_dep_link_up_complete, arg);
2039
2040 if (rc < 0) {
2041 dev_kfree_skb(skb);
2042 kfree(arg);
2043 }
2044
2045 return rc;
2046 }
2047
2048 static int pn533_dep_link_down(struct nfc_dev *nfc_dev)
2049 {
2050 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2051
2052 pn533_poll_reset_mod_list(dev);
2053
2054 if (dev->tgt_mode || dev->tgt_active_prot) {
2055 pn533_send_ack(dev, GFP_KERNEL);
2056 usb_kill_urb(dev->in_urb);
2057 }
2058
2059 dev->tgt_active_prot = 0;
2060 dev->tgt_mode = 0;
2061
2062 skb_queue_purge(&dev->resp_q);
2063
2064 return 0;
2065 }
2066
2067 struct pn533_data_exchange_arg {
2068 data_exchange_cb_t cb;
2069 void *cb_context;
2070 };
2071
2072 static struct sk_buff *pn533_build_response(struct pn533 *dev)
2073 {
2074 struct sk_buff *skb, *tmp, *t;
2075 unsigned int skb_len = 0, tmp_len = 0;
2076
2077 nfc_dev_dbg(&dev->interface->dev, "%s\n", __func__);
2078
2079 if (skb_queue_empty(&dev->resp_q))
2080 return NULL;
2081
2082 if (skb_queue_len(&dev->resp_q) == 1) {
2083 skb = skb_dequeue(&dev->resp_q);
2084 goto out;
2085 }
2086
2087 skb_queue_walk_safe(&dev->resp_q, tmp, t)
2088 skb_len += tmp->len;
2089
2090 nfc_dev_dbg(&dev->interface->dev, "%s total length %d\n",
2091 __func__, skb_len);
2092
2093 skb = alloc_skb(skb_len, GFP_KERNEL);
2094 if (skb == NULL)
2095 goto out;
2096
2097 skb_put(skb, skb_len);
2098
2099 skb_queue_walk_safe(&dev->resp_q, tmp, t) {
2100 memcpy(skb->data + tmp_len, tmp->data, tmp->len);
2101 tmp_len += tmp->len;
2102 }
2103
2104 out:
2105 skb_queue_purge(&dev->resp_q);
2106
2107 return skb;
2108 }
2109
2110 static int pn533_data_exchange_complete(struct pn533 *dev, void *_arg,
2111 struct sk_buff *resp)
2112 {
2113 struct pn533_data_exchange_arg *arg = _arg;
2114 struct sk_buff *skb;
2115 int rc = 0;
2116 u8 status, ret, mi;
2117
2118 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2119
2120 if (IS_ERR(resp)) {
2121 rc = PTR_ERR(resp);
2122 goto _error;
2123 }
2124
2125 status = resp->data[0];
2126 ret = status & PN533_CMD_RET_MASK;
2127 mi = status & PN533_CMD_MI_MASK;
2128
2129 skb_pull(resp, sizeof(status));
2130
2131 if (ret != PN533_CMD_RET_SUCCESS) {
2132 nfc_dev_err(&dev->interface->dev,
2133 "PN533 reported error %d when exchanging data",
2134 ret);
2135 rc = -EIO;
2136 goto error;
2137 }
2138
2139 skb_queue_tail(&dev->resp_q, resp);
2140
2141 if (mi) {
2142 dev->cmd_complete_mi_arg = arg;
2143 queue_work(dev->wq, &dev->mi_work);
2144 return -EINPROGRESS;
2145 }
2146
2147 skb = pn533_build_response(dev);
2148 if (!skb)
2149 goto error;
2150
2151 arg->cb(arg->cb_context, skb, 0);
2152 kfree(arg);
2153 return 0;
2154
2155 error:
2156 dev_kfree_skb(resp);
2157 _error:
2158 skb_queue_purge(&dev->resp_q);
2159 arg->cb(arg->cb_context, NULL, rc);
2160 kfree(arg);
2161 return rc;
2162 }
2163
2164 static int pn533_transceive(struct nfc_dev *nfc_dev,
2165 struct nfc_target *target, struct sk_buff *skb,
2166 data_exchange_cb_t cb, void *cb_context)
2167 {
2168 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2169 struct pn533_data_exchange_arg *arg = NULL;
2170 int rc;
2171
2172 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2173
2174 if (skb->len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
2175 /* TODO: Implement support to multi-part data exchange */
2176 nfc_dev_err(&dev->interface->dev,
2177 "Data length greater than the max allowed: %d",
2178 PN533_CMD_DATAEXCH_DATA_MAXLEN);
2179 rc = -ENOSYS;
2180 goto error;
2181 }
2182
2183 if (!dev->tgt_active_prot) {
2184 nfc_dev_err(&dev->interface->dev, "Cannot exchange data if"
2185 " there is no active target");
2186 rc = -EINVAL;
2187 goto error;
2188 }
2189
2190 arg = kmalloc(sizeof(*arg), GFP_KERNEL);
2191 if (!arg) {
2192 rc = -ENOMEM;
2193 goto error;
2194 }
2195
2196 arg->cb = cb;
2197 arg->cb_context = cb_context;
2198
2199 switch (dev->device_type) {
2200 case PN533_DEVICE_PASORI:
2201 if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
2202 rc = pn533_send_data_async(dev, PN533_CMD_IN_COMM_THRU,
2203 skb,
2204 pn533_data_exchange_complete,
2205 arg);
2206
2207 break;
2208 }
2209 default:
2210 *skb_push(skb, sizeof(u8)) = 1; /*TG*/
2211
2212 rc = pn533_send_data_async(dev, PN533_CMD_IN_DATA_EXCHANGE,
2213 skb, pn533_data_exchange_complete,
2214 arg);
2215
2216 break;
2217 }
2218
2219 if (rc < 0) /* rc from send_async */
2220 goto error;
2221
2222 return 0;
2223
2224 error:
2225 kfree(arg);
2226 dev_kfree_skb(skb);
2227 return rc;
2228 }
2229
2230 static int pn533_tm_send_complete(struct pn533 *dev, void *arg,
2231 struct sk_buff *resp)
2232 {
2233 u8 status;
2234
2235 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2236
2237 if (IS_ERR(resp))
2238 return PTR_ERR(resp);
2239
2240 status = resp->data[0];
2241
2242 dev_kfree_skb(resp);
2243
2244 if (status != 0) {
2245 nfc_tm_deactivated(dev->nfc_dev);
2246
2247 dev->tgt_mode = 0;
2248
2249 return 0;
2250 }
2251
2252 queue_work(dev->wq, &dev->tg_work);
2253
2254 return 0;
2255 }
2256
2257 static int pn533_tm_send(struct nfc_dev *nfc_dev, struct sk_buff *skb)
2258 {
2259 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2260 int rc;
2261
2262 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2263
2264 if (skb->len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
2265 nfc_dev_err(&dev->interface->dev,
2266 "Data length greater than the max allowed: %d",
2267 PN533_CMD_DATAEXCH_DATA_MAXLEN);
2268 return -ENOSYS;
2269 }
2270
2271 rc = pn533_send_data_async(dev, PN533_CMD_TG_SET_DATA, skb,
2272 pn533_tm_send_complete, NULL);
2273 if (rc < 0)
2274 dev_kfree_skb(skb);
2275
2276 return rc;
2277 }
2278
2279 static void pn533_wq_mi_recv(struct work_struct *work)
2280 {
2281 struct pn533 *dev = container_of(work, struct pn533, mi_work);
2282
2283 struct sk_buff *skb;
2284 int rc;
2285
2286 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2287
2288 skb = pn533_alloc_skb(PN533_CMD_DATAEXCH_HEAD_LEN);
2289 if (!skb)
2290 goto error;
2291
2292 switch (dev->device_type) {
2293 case PN533_DEVICE_PASORI:
2294 if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
2295 rc = pn533_send_cmd_direct_async(dev,
2296 PN533_CMD_IN_COMM_THRU,
2297 skb,
2298 pn533_data_exchange_complete,
2299 dev->cmd_complete_mi_arg);
2300
2301 break;
2302 }
2303 default:
2304 *skb_put(skb, sizeof(u8)) = 1; /*TG*/
2305
2306 rc = pn533_send_cmd_direct_async(dev,
2307 PN533_CMD_IN_DATA_EXCHANGE,
2308 skb,
2309 pn533_data_exchange_complete,
2310 dev->cmd_complete_mi_arg);
2311
2312 break;
2313 }
2314
2315 if (rc == 0) /* success */
2316 return;
2317
2318 nfc_dev_err(&dev->interface->dev,
2319 "Error %d when trying to perform data_exchange", rc);
2320
2321 dev_kfree_skb(skb);
2322 kfree(dev->cmd_complete_arg);
2323
2324 error:
2325 pn533_send_ack(dev, GFP_KERNEL);
2326 queue_work(dev->wq, &dev->cmd_work);
2327 }
2328
2329 static int pn533_set_configuration(struct pn533 *dev, u8 cfgitem, u8 *cfgdata,
2330 u8 cfgdata_len)
2331 {
2332 struct sk_buff *skb;
2333 struct sk_buff *resp;
2334
2335 int skb_len;
2336
2337 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2338
2339 skb_len = sizeof(cfgitem) + cfgdata_len; /* cfgitem + cfgdata */
2340
2341 skb = pn533_alloc_skb(skb_len);
2342 if (!skb)
2343 return -ENOMEM;
2344
2345 *skb_put(skb, sizeof(cfgitem)) = cfgitem;
2346 memcpy(skb_put(skb, cfgdata_len), cfgdata, cfgdata_len);
2347
2348 resp = pn533_send_cmd_sync(dev, PN533_CMD_RF_CONFIGURATION, skb);
2349 if (IS_ERR(resp))
2350 return PTR_ERR(resp);
2351
2352 dev_kfree_skb(resp);
2353 return 0;
2354 }
2355
2356 static int pn533_get_firmware_version(struct pn533 *dev,
2357 struct pn533_fw_version *fv)
2358 {
2359 struct sk_buff *skb;
2360 struct sk_buff *resp;
2361
2362 skb = pn533_alloc_skb(0);
2363 if (!skb)
2364 return -ENOMEM;
2365
2366 resp = pn533_send_cmd_sync(dev, PN533_CMD_GET_FIRMWARE_VERSION, skb);
2367 if (IS_ERR(resp))
2368 return PTR_ERR(resp);
2369
2370 fv->ic = resp->data[0];
2371 fv->ver = resp->data[1];
2372 fv->rev = resp->data[2];
2373 fv->support = resp->data[3];
2374
2375 dev_kfree_skb(resp);
2376 return 0;
2377 }
2378
2379 static int pn533_fw_reset(struct pn533 *dev)
2380 {
2381 struct sk_buff *skb;
2382 struct sk_buff *resp;
2383
2384 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2385
2386 skb = pn533_alloc_skb(sizeof(u8));
2387 if (!skb)
2388 return -ENOMEM;
2389
2390 *skb_put(skb, sizeof(u8)) = 0x1;
2391
2392 resp = pn533_send_cmd_sync(dev, 0x18, skb);
2393 if (IS_ERR(resp))
2394 return PTR_ERR(resp);
2395
2396 dev_kfree_skb(resp);
2397
2398 return 0;
2399 }
2400
2401 static struct nfc_ops pn533_nfc_ops = {
2402 .dev_up = NULL,
2403 .dev_down = NULL,
2404 .dep_link_up = pn533_dep_link_up,
2405 .dep_link_down = pn533_dep_link_down,
2406 .start_poll = pn533_start_poll,
2407 .stop_poll = pn533_stop_poll,
2408 .activate_target = pn533_activate_target,
2409 .deactivate_target = pn533_deactivate_target,
2410 .im_transceive = pn533_transceive,
2411 .tm_send = pn533_tm_send,
2412 };
2413
2414 static int pn533_setup(struct pn533 *dev)
2415 {
2416 struct pn533_config_max_retries max_retries;
2417 struct pn533_config_timing timing;
2418 u8 pasori_cfg[3] = {0x08, 0x01, 0x08};
2419 int rc;
2420
2421 switch (dev->device_type) {
2422 case PN533_DEVICE_STD:
2423 max_retries.mx_rty_atr = PN533_CONFIG_MAX_RETRIES_ENDLESS;
2424 max_retries.mx_rty_psl = 2;
2425 max_retries.mx_rty_passive_act =
2426 PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2427
2428 timing.rfu = PN533_CONFIG_TIMING_102;
2429 timing.atr_res_timeout = PN533_CONFIG_TIMING_204;
2430 timing.dep_timeout = PN533_CONFIG_TIMING_409;
2431
2432 break;
2433
2434 case PN533_DEVICE_PASORI:
2435 max_retries.mx_rty_atr = 0x2;
2436 max_retries.mx_rty_psl = 0x1;
2437 max_retries.mx_rty_passive_act =
2438 PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2439
2440 timing.rfu = PN533_CONFIG_TIMING_102;
2441 timing.atr_res_timeout = PN533_CONFIG_TIMING_102;
2442 timing.dep_timeout = PN533_CONFIG_TIMING_204;
2443
2444 break;
2445
2446 default:
2447 nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2448 dev->device_type);
2449 return -EINVAL;
2450 }
2451
2452 rc = pn533_set_configuration(dev, PN533_CFGITEM_MAX_RETRIES,
2453 (u8 *)&max_retries, sizeof(max_retries));
2454 if (rc) {
2455 nfc_dev_err(&dev->interface->dev,
2456 "Error on setting MAX_RETRIES config");
2457 return rc;
2458 }
2459
2460
2461 rc = pn533_set_configuration(dev, PN533_CFGITEM_TIMING,
2462 (u8 *)&timing, sizeof(timing));
2463 if (rc) {
2464 nfc_dev_err(&dev->interface->dev,
2465 "Error on setting RF timings");
2466 return rc;
2467 }
2468
2469 switch (dev->device_type) {
2470 case PN533_DEVICE_STD:
2471 break;
2472
2473 case PN533_DEVICE_PASORI:
2474 pn533_fw_reset(dev);
2475
2476 rc = pn533_set_configuration(dev, PN533_CFGITEM_PASORI,
2477 pasori_cfg, 3);
2478 if (rc) {
2479 nfc_dev_err(&dev->interface->dev,
2480 "Error while settings PASORI config");
2481 return rc;
2482 }
2483
2484 pn533_fw_reset(dev);
2485
2486 break;
2487 }
2488
2489 return 0;
2490 }
2491
2492 static int pn533_probe(struct usb_interface *interface,
2493 const struct usb_device_id *id)
2494 {
2495 struct pn533_fw_version fw_ver;
2496 struct pn533 *dev;
2497 struct usb_host_interface *iface_desc;
2498 struct usb_endpoint_descriptor *endpoint;
2499 int in_endpoint = 0;
2500 int out_endpoint = 0;
2501 int rc = -ENOMEM;
2502 int i;
2503 u32 protocols;
2504
2505 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
2506 if (!dev)
2507 return -ENOMEM;
2508
2509 dev->udev = usb_get_dev(interface_to_usbdev(interface));
2510 dev->interface = interface;
2511 mutex_init(&dev->cmd_lock);
2512
2513 iface_desc = interface->cur_altsetting;
2514 for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
2515 endpoint = &iface_desc->endpoint[i].desc;
2516
2517 if (!in_endpoint && usb_endpoint_is_bulk_in(endpoint))
2518 in_endpoint = endpoint->bEndpointAddress;
2519
2520 if (!out_endpoint && usb_endpoint_is_bulk_out(endpoint))
2521 out_endpoint = endpoint->bEndpointAddress;
2522 }
2523
2524 if (!in_endpoint || !out_endpoint) {
2525 nfc_dev_err(&interface->dev, "Could not find bulk-in or"
2526 " bulk-out endpoint");
2527 rc = -ENODEV;
2528 goto error;
2529 }
2530
2531 dev->in_frame = kmalloc(PN533_NORMAL_FRAME_MAX_LEN, GFP_KERNEL);
2532 dev->in_urb = usb_alloc_urb(0, GFP_KERNEL);
2533 dev->out_frame = kmalloc(PN533_NORMAL_FRAME_MAX_LEN, GFP_KERNEL);
2534 dev->out_urb = usb_alloc_urb(0, GFP_KERNEL);
2535
2536 if (!dev->in_frame || !dev->out_frame ||
2537 !dev->in_urb || !dev->out_urb)
2538 goto error;
2539
2540 usb_fill_bulk_urb(dev->in_urb, dev->udev,
2541 usb_rcvbulkpipe(dev->udev, in_endpoint),
2542 NULL, 0, NULL, dev);
2543 usb_fill_bulk_urb(dev->out_urb, dev->udev,
2544 usb_sndbulkpipe(dev->udev, out_endpoint),
2545 NULL, 0,
2546 pn533_send_complete, dev);
2547
2548 INIT_WORK(&dev->cmd_work, pn533_wq_cmd);
2549 INIT_WORK(&dev->cmd_complete_work, pn533_wq_cmd_complete);
2550 INIT_WORK(&dev->mi_work, pn533_wq_mi_recv);
2551 INIT_WORK(&dev->tg_work, pn533_wq_tg_get_data);
2552 INIT_WORK(&dev->poll_work, pn533_wq_poll);
2553 dev->wq = alloc_ordered_workqueue("pn533", 0);
2554 if (dev->wq == NULL)
2555 goto error;
2556
2557 init_timer(&dev->listen_timer);
2558 dev->listen_timer.data = (unsigned long) dev;
2559 dev->listen_timer.function = pn533_listen_mode_timer;
2560
2561 skb_queue_head_init(&dev->resp_q);
2562
2563 INIT_LIST_HEAD(&dev->cmd_queue);
2564
2565 usb_set_intfdata(interface, dev);
2566
2567 memset(&fw_ver, 0, sizeof(fw_ver));
2568 rc = pn533_get_firmware_version(dev, &fw_ver);
2569 if (rc < 0)
2570 goto destroy_wq;
2571
2572 nfc_dev_info(&dev->interface->dev,
2573 "NXP PN533 firmware ver %d.%d now attached",
2574 fw_ver.ver, fw_ver.rev);
2575
2576 dev->device_type = id->driver_info;
2577 switch (dev->device_type) {
2578 case PN533_DEVICE_STD:
2579 protocols = PN533_ALL_PROTOCOLS;
2580 break;
2581
2582 case PN533_DEVICE_PASORI:
2583 protocols = PN533_NO_TYPE_B_PROTOCOLS;
2584 break;
2585
2586 default:
2587 nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2588 dev->device_type);
2589 rc = -EINVAL;
2590 goto destroy_wq;
2591 }
2592
2593 dev->nfc_dev = nfc_allocate_device(&pn533_nfc_ops, protocols,
2594 PN533_FRAME_HEADER_LEN +
2595 PN533_CMD_DATAEXCH_HEAD_LEN,
2596 PN533_FRAME_TAIL_LEN);
2597 if (!dev->nfc_dev)
2598 goto destroy_wq;
2599
2600 nfc_set_parent_dev(dev->nfc_dev, &interface->dev);
2601 nfc_set_drvdata(dev->nfc_dev, dev);
2602
2603 rc = nfc_register_device(dev->nfc_dev);
2604 if (rc)
2605 goto free_nfc_dev;
2606
2607 rc = pn533_setup(dev);
2608 if (rc)
2609 goto unregister_nfc_dev;
2610
2611 return 0;
2612
2613 unregister_nfc_dev:
2614 nfc_unregister_device(dev->nfc_dev);
2615
2616 free_nfc_dev:
2617 nfc_free_device(dev->nfc_dev);
2618
2619 destroy_wq:
2620 destroy_workqueue(dev->wq);
2621 error:
2622 kfree(dev->in_frame);
2623 usb_free_urb(dev->in_urb);
2624 kfree(dev->out_frame);
2625 usb_free_urb(dev->out_urb);
2626 kfree(dev);
2627 return rc;
2628 }
2629
2630 static void pn533_disconnect(struct usb_interface *interface)
2631 {
2632 struct pn533 *dev;
2633 struct pn533_cmd *cmd, *n;
2634
2635 dev = usb_get_intfdata(interface);
2636 usb_set_intfdata(interface, NULL);
2637
2638 nfc_unregister_device(dev->nfc_dev);
2639 nfc_free_device(dev->nfc_dev);
2640
2641 usb_kill_urb(dev->in_urb);
2642 usb_kill_urb(dev->out_urb);
2643
2644 destroy_workqueue(dev->wq);
2645
2646 skb_queue_purge(&dev->resp_q);
2647
2648 del_timer(&dev->listen_timer);
2649
2650 list_for_each_entry_safe(cmd, n, &dev->cmd_queue, queue) {
2651 list_del(&cmd->queue);
2652 kfree(cmd);
2653 }
2654
2655 kfree(dev->in_frame);
2656 usb_free_urb(dev->in_urb);
2657 kfree(dev->out_frame);
2658 usb_free_urb(dev->out_urb);
2659 kfree(dev);
2660
2661 nfc_dev_info(&interface->dev, "NXP PN533 NFC device disconnected");
2662 }
2663
2664 static struct usb_driver pn533_driver = {
2665 .name = "pn533",
2666 .probe = pn533_probe,
2667 .disconnect = pn533_disconnect,
2668 .id_table = pn533_table,
2669 };
2670
2671 module_usb_driver(pn533_driver);
2672
2673 MODULE_AUTHOR("Lauro Ramos Venancio <lauro.venancio@openbossa.org>,"
2674 " Aloisio Almeida Jr <aloisio.almeida@openbossa.org>");
2675 MODULE_DESCRIPTION("PN533 usb driver ver " VERSION);
2676 MODULE_VERSION(VERSION);
2677 MODULE_LICENSE("GPL");
ubuntu-zesty-kernel mirror